GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
body-parser-xml vulnerable to Prototype Pollution
High
CVE-2021-3666
was published
for
body-parser-xml
(npm)
Sep 14, 2021
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration...
Moderate
Unreviewed
CVE-2019-17315
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a...
Moderate
Unreviewed
CVE-2019-17316
was published
May 24, 2022
deep-object-diff vulnerable to Prototype Pollution
Moderate
CVE-2022-41713
was published
for
deep-object-diff
(npm)
Nov 4, 2022
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in...
Critical
Unreviewed
CVE-2022-37609
was published
Oct 12, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the...
Critical
Unreviewed
CVE-2022-37598
was published
Oct 20, 2022
flat vulnerable to Prototype Pollution
Critical
CVE-2020-36632
was published
for
flat
(npm)
Dec 25, 2022
merge vulnerable to Prototype Pollution
Critical
CVE-2021-3645
was published
for
@viking04/merge
(npm)
Sep 13, 2021
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Moderate
CVE-2022-21169
was published
for
express-xss-sanitizer
(npm)
Sep 27, 2022
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype...
High
Unreviewed
CVE-2022-1802
was published
Dec 22, 2022
deep-parse-json vulnerable to Prototype Pollution
Moderate
CVE-2022-42743
was published
for
deep-parse-json
(npm)
Nov 4, 2022
Prototype Pollution in deep.assign
Critical
CVE-2021-40663
was published
for
deep.assign
(npm)
Jul 1, 2022
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
High
CVE-2020-28472
was published
for
@aws-sdk/shared-ini-file-loader
(npm)
Nov 16, 2021
fastest-json-copy vulnerable to Prototype Pollution
Moderate
CVE-2022-41714
was published
for
fastest-json-copy
(npm)
Nov 4, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
An attacker could have sent a message to the parent process where the contents were used to...
High
Unreviewed
CVE-2022-1529
was published
Dec 22, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution
Critical
CVE-2020-28471
was published
for
properties-reader
(npm)
Jul 19, 2022
steal vulnerable to Prototype Pollution via optionName variable
Critical
CVE-2022-37264
was published
for
steal
(npm)
Sep 16, 2022
TypeORM vulnerable to MAID and Prototype Pollution
Critical
CVE-2020-8158
was published
for
typeorm
(npm)
May 7, 2021
steal vulnerable to Prototype Pollution via key variable in babel.js
Critical
CVE-2022-37266
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable
Critical
CVE-2022-37257
was published
for
steal
(npm)
Sep 16, 2022
Prototype pollution in Snowboard framework
High
CVE-2022-39357
was published
for
wintercms/winter
(Composer)
Oct 27, 2022
ProTip!
Advisories are also available from the
GraphQL API